News

Report: mobile device fraud soars by almost 7 times

Though a lot of fuss is made over attackers who will target desktop and laptop computers, a new report has revealed that mobile device fraud is rapidly expanding and transforming social media into a “cyber criminal marketplace”.

According to the latest quarterly report put together by the fraud and risk intelligence team at RSA Security, the total volume of mobile app transactions has increased by 200 per cent in the past three years – but the growth rate for fraudulent transactions sits at 680 per cent for the same period.

The proportion of mobile device transactions that were flagged as fraudulent has increased from 5 per cent in 2015 to 39 per cent this year. That figure has grown 63 per cent in the past 12 months alone, and the proportion of attacks that originated from traditional web browsers dropped form 62 per cent to 35 per cent.

What’s more interesting is the tactics of these mobile cyber attackers. RSA found that fraudsters tended to use a brand new phone, or “burner” device, in 82 per cent of fraudulent e-commerce transactions.

They will use both a new account and new device in 32 per cent of the attacks they recorded, suggesting that many will either use stolen or falsified identities as part of their process. Some may make “money mules” – accounts made to enable the stealthy transfer of ill-gotten cash – in order to escape evasion.

Phishing is also the tactic of choice for most cyber criminals, despite being considered an “old school” technique, accounting for 48 of all the frauds that RSA logged in the first quarter of 2018. Trojan malware, which will install a hidden bit of software on a user’s device to allow later access, was present in a quarter of all attacks in the same period.

One attractive target that is increasingly present on victim’s smartphones is their credit card, thanks to new apps like Apple Pay. RSA said it recovered some 3.1 million unique card records from online sauces when making this report, all of which included card verification numbers.

“There has been a sharp rise in the volume of legitimate transactions carried out over mobile apps, so it is only natural that hackers have followed suit in targeting mobile channels for fraud,” said Daniel Cohen, director at the RSA Fraud and Risk Intelligence Unit.

“Unfortunately, many mobile apps fail to build security from the ground up. This means cyber criminals and fraudsters are able to slip through the cracks, hijacking mobile applications and siphoning off credentials and funds. As mobile-related fraud continues to grow, consumers and businesses alike need to be aware of the risks.”